Cyber News Rundown: Zenis Ransomware Deletes Backups

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Zenis Ransomware Makes Resolution Problematic for Victims

Researchers recently discovered a new ransomware variant named Zenis that encrypts in the usual way, but, in a new twist, also deletes all available backups and event logs, and even disables startup repair. In a further departure from the norm, the ransom note doesn’t mention a specific price. Instead, the author requests that victims send the ransom note and another small file to various email addresses to verify that the ransomware author can decrypt them. The author then sends a final price, likely based on the types and quantity of files that will need to be decrypted. It’s still unclear how the variant is being distributed—possibly through RDP or spam emails.

Orbitz Suffers Major Data Breach

Travel site Orbitz has admitted to being the latest victim in a continuing trend of data breaches that affect hundreds of thousands of customers. In this case, the data for nearly 800,000 Orbitz customers was compromised, and the breach lasted from January 2016 until December of 2017. While officials are still working to determine the initial access point, they have discovered that the lost data included full payment info, as well as complete personal data for the company’s customers.

Fake Amazon Ad Achieves Top Position in Google Search Results

In the last several days, researchers found that the top search result for Amazon.com was actually fake and was redirecting anyone who clicked it to a fake tech support page that tried to scare the visitor into contacting Windows Support. Fortunately, Google worked quickly to remove the malicious link from its search results, and GoDaddy took down the domain within an hour of being notified.

Facebook Faces Backlash After Misuse of Sensitive Data

Facebook has announced that the personal data for nearly 50 million users had been illicitly obtained by a third-party analytics firm, which carefully maneuvered through Facebook’s Terms of Service to get data on more than just consenting users. While the data collection app was knowingly downloaded by 270,000 users, the app itself collected not only their data, but the personal data of their entire network of friends. Though Facebook removed the app in 2015 and demanded that the data be destroyed, the app’s creator ignored the request and continued using the data for profit.

Celebrity Picture Contains Hidden Crypto-miner

Hackers have recently taken to using image files to distribute malware and other malicious content, as they are simple to reconfigure and difficult to detect. In the latest case, a picture of Scarlett Johansson contained functionality that executed shell commands on a user’s machine and mined Monero cryptocurrency. It had already acquired ~$90,000 worth of Monero by the time of discovery.

About the Author

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.
